jamparing Posted November 20, 2008 ID:35695 Share Posted November 20, 2008 Hi, i am new here.I get very annoying problem with my personal laptop. It's working slower now, and I couldn't open my task manager, regedit command, and restore system. I was trying to run safe mode but it's also not working. I run Malwarebyte's and it detected that my laptop was infected by hijack.taskmanager. It's cleaned, but after i restart my laptop it keep coming again and again.. I am sure that I need suggestion from experts, please help me!Here I attach the Malwarebyte's log.Malwarebytes' Anti-Malware 1.27Database version: 1127Windows 5.1.2600 Service Pack 211/20/2008 8:16:20 AMmbam-log-2008-11-20 (08-16-03).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 112230Time elapsed: 42 minute(s), 6 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 0Files Infected: 6Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.Folders Infected:(No malicious items detected)Files Infected:C:\Program Files\enable task manager and regedit\mws2200.exe (Rogue.MalwareScanner) -> No action taken.C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0019414.exe (Rogue.MalwareScanner) -> No action taken.C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0019463.exe (Rogue.MalwareScanner) -> No action taken.C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0021960.exe (Rogue.MalwareScanner) -> No action taken.C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0022017.exe (Rogue.MalwareScanner) -> No action taken.C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0022089.exe (Rogue.MalwareScanner) -> No action taken. Link to post Share on other sites More sharing options...
JeanInMontana Posted November 21, 2008 ID:35822 Share Posted November 21, 2008 Hi there jamparing, and welcome to Malwarebytes.Make sure your running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible.Please set your system to show all files; Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab.Under the Hidden files and folders heading select Show hidden files and folders.Uncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK.If you haven't already, please get these programs, update and run a complete scan removing all items found.Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.Click on the Tools section and then Resident.You will see two items.1. Resident "SD helper" (Internet Explorer bad download blocker.) active2. Resident "Tea Timer" (Protection of over-all system settings.) active.Uncheck number 2..Leave number 1 checked always.You can enable Tea Timer again if you wish once all special fixes have been done.Please run a quick scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply.Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This! You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth.I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures. Link to post Share on other sites More sharing options...
jamparing Posted November 21, 2008 Author ID:35897 Share Posted November 21, 2008 Hi, Jean. Thank you very much for your quick response, I am really appreciating it. I follow your instruction step by step, and here is the MBAM log. Malwarebytes' Anti-Malware 1.27Database version: 1127Windows 5.1.2600 Service Pack 211/21/2008 3:19:10 PMmbam-log-2008-11-21 (15-19-10).txtScan type: Quick ScanObjects scanned: 41106Time elapsed: 3 minute(s), 19 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)I will do the next scans and send those logs one by one in the next post. Thank you very much. Link to post Share on other sites More sharing options...
jamparing Posted November 21, 2008 Author ID:35905 Share Posted November 21, 2008 (edited) I get diffiiculty in posting my Panda ActiveScan log here, since it's too long. So, I post in the attachment, i hope it's fine...;***********************************************************************************************************************************************************************************ANALYSIS: 2008-11-21 16:45:30PROTECTIONS: 1MALWARE: 3SUSPECTS: 0;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================Zone Alarm Security Suite 7.0.483.000 No No;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================02948524 W32/Sality.AH Virus No 0 Yes No D:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP79\A0022865.exe02948524 W32/Sality.AH Virus No 0 Yes No D:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0022232.exe02948524 W32/Sality.AH Virus No 0 Yes No D:\statistics program\GAUSS\Gauss\Aptech.GAUSS.Engine.v8.0.0.910\Crack\engauss.exe02948524 W32/Sality.AH Virus No 0 Yes No D:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0022580.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Deden Dinar Iskandar\My Documents\My Notebook\e-book\WinDjView-0.5.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\Eula.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\LogTransport2.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgcfgex.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgcmgr.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgdumpx.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgfrw.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgiproxy.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgscanx.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgsrmax.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgui.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgupd.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\fixcfg.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\setup.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver2.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Microsoft Shared\Web Components\11\DFUICOM.EXE03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\HotKeys.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\LocProfiler.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\powerset.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\QSUI.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\WiFiLocator.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\enable task manager and regedit\sreng2\SREngLdr.EXE03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\enable task manager and regedit\xp_taskmgrenab.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\FreeFixer\freefixer.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\FreeFixer\tools\ffnd\ffnd.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Kamus2\Uninstall.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Microsoft Office\OFFICE11\1033\MSOHELP.EXE03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\UNWISE.EXE Edited November 21, 2008 by JeanInMontana include edited panda scan Link to post Share on other sites More sharing options...
JeanInMontana Posted November 21, 2008 ID:35947 Share Posted November 21, 2008 I need to see an updated MBAM quick scan log and the HJT log please. Link to post Share on other sites More sharing options...
jamparing Posted November 21, 2008 Author ID:35964 Share Posted November 21, 2008 Thank you very much Jean, here I attach the updated MBAM Quick Scan Log File and HijackThis Log File...1. MBAM Quick Scan Log File:Malwarebytes' Anti-Malware 1.30Database version: 1414Windows 5.1.2600 Service Pack 211/21/2008 11:16:06 PMmbam-log-2008-11-21 (23-16-06).txtScan type: Quick ScanObjects scanned: 51073Time elapsed: 5 minute(s), 37 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)2. HijackThis Log File:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:12:18 PM, on 11/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\OEM02Mon.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\WLTRAY.exeC:\WINDOWS\system32\KADxMain.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exeC:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXEC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Internet Explorer\iexplore.exeC:\PROGRA~1\AVG\AVG8\aAvgApi.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLLO3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLLO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exeO4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimizedO4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXEO4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exeO4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXEO7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{03F38D1F-144D-426C-AE91-B9E6261385E4}: NameServer = 192.168.1.10 192.168.1.130O17 - HKLM\System\CS1\Services\Tcpip\..\{03F38D1F-144D-426C-AE91-B9E6261385E4}: NameServer = 192.168.1.10 192.168.1.130O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXEO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 7250 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted November 22, 2008 ID:36068 Share Posted November 22, 2008 Hi again. I'm not seeing malware, and the stuff in the Panda log has to be false positives, they are listing MBAM also.Couple things to clean up and the cause of your reg edit issue is this O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 It's disabled. I can't find that key at all in my registry, I go as far as System and Policy and there is nothing for Regedit. I'm thinking it's ZoneAlarm or AVG blocking.Please run HJT in scan only and put a check next to the following then click fix.R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankPlease make sure you do set a start/home page, so we know if your being hijacked. Use Google, or any site of your choice.How are you running now? MBAM has updated since your last scan also. Link to post Share on other sites More sharing options...
jamparing Posted November 22, 2008 Author ID:36076 Share Posted November 22, 2008 Thank you Jean. I have followed your instruction, but regedit command and task manager are still disabled.. I run updated MBAM quick scan and it still detects infection of Hijack.Task Manager. I am waiting your further instructions.. Link to post Share on other sites More sharing options...
JeanInMontana Posted November 23, 2008 ID:36082 Share Posted November 23, 2008 Ooops you can put the item MBAM is finding into the ignore list. Your sure your running as an administrator? Link to post Share on other sites More sharing options...
JeanInMontana Posted November 23, 2008 ID:36085 Share Posted November 23, 2008 Let's remove O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 with HJT reboot and see what works. Link to post Share on other sites More sharing options...
jamparing Posted November 24, 2008 Author ID:36278 Share Posted November 24, 2008 I appologize for the late reply.. I've done your instruction, but the problem still remains. anytime i tried to open task manager and regedit, it's said that my task manager/regedit has been disabled by administrator (I am the only one who use that laptop!). Link to post Share on other sites More sharing options...
jamparing Posted November 28, 2008 Author ID:36746 Share Posted November 28, 2008 Hi Jean, I have read over all your advices, and I interpret that if there's no malware than if must be something wrong with my operating system. I repair my windows using its CD, and now it's working fine! Thank you very much for your help so far, it's really appreciated! Link to post Share on other sites More sharing options...
Katana Posted November 30, 2008 ID:36951 Share Posted November 30, 2008 Hi jamparing, I'm sorry for the delay, Jean' isn't available at the momentIf you still require help, please do the followingDownload and Run RSITPlease download Random's System Information Tool by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open:log.txt will be opened maximized.info.txt will be opened minimized.[*]Please post the contents of both log.txt and info.txt. Link to post Share on other sites More sharing options...
Recommended Posts